## NSA 付錢給 RSA 放後門的事件...

Edward Snowden 再次丟出 NSA 內部文件，表示 NSA 付錢給 RSA 在演算法裡面放後門：「Exclusive: Secret contract tied NSA and security industry pioneer」。

RSA 的回應則是完全不想提到這筆錢是做什麼用的：「RSA Response to Media Claims Regarding NSA Relationship」。

Our experimental results and also empirical argument show that the DEC PRG is insecure. The attack does not imply solving the ECDLP for the corresponding elliptic curve. The attack is very efficient.

Problems with Dual_EC_DRBG were first described in early 2006. The math is complicated, but the general point is that the random numbers it produces have a small bias. The problem isn't large enough to make the algorithm unusable -- and Appendix E of the NIST standard describes an optional work-around to avoid the issue -- but it's cause for concern. Cryptographers are a conservative bunch: We don't like to use algorithms that have even a whiff of a problem.

My recommendation, if you're in need of a random-number generator, is not to use Dual_EC_DRBG under any circumstances. If you have to use something in SP 800-90, use CTR_DRBG or Hash_DRBG.

## NSA 每天從全世界的基地台蒐集行動電話資料，所以全民公敵裡演的都是真的嘛...

NSA 每天從「全世界的」基地台蒐集五十億筆資料：「NSA Tracking Cellphone Locations Worldwide」。

Update：有人給了模擬案例了「Meet Jack. Or, What The Government Could Do With All That Location Data」：

## NSA 聽 Google 與 Yahoo! 跨機房的 LAN...

Switch 與 Router 要內建 Wirespeed IPsec 的時代要來臨了嗎... 40Gbps (甚至 100Gbps) 的 IPsec 能力！XDDD

## DuckDuckGo 用一個禮拜後...

• 資料不夠完整，有些站台沒有被收到 DuckDuckGo 裡面。不過比起 DuckDuckGo 剛出來那陣子，感覺已經好很多了... (當初是用兩個小時就放棄了)
• 反應速度太慢，等五秒是常態... 以前沒那麼慢，應該是跟這陣子爆炸性成長有關。